Anti-Money Laundering (AML) Source Tool for Broker-Dealers

Date: June 20, 2012

This research guide, or “source tool,” is a compilation of key AML laws, rules, orders, and guidance applicable to broker-dealers. Several statutory and regulatory provisions, and related rules of the securities self-regulatory organizations (SROs), impose AML obligations on broker-dealers. A wealth of related AML guidance materials is also available. To aid research efforts into AML requirements and to assist broker-dealers with AML compliance, this source tool organizes key AML compliance materials and provides related source information.

When using this research “tool” or guide, you should keep the following in mind:

First, securities firms are responsible for complying with all AML requirements to which they are subject. Although this research guide summarizes some of the key AML obligations that are applicable to broker-dealers, it is not comprehensive. You should not rely on the summary information provided, but should refer to the relevant statutes, rules, orders, and interpretations.

Second, AML laws, rules, and orders are subject to change and may change quickly. Statutes that include AML-related provisions may be amended from time to time, and new statutes may be enacted which include AML-related provisions. The information summarized in this guide is current as of May 1, 2012. In addition, please note that in July 2007, the SEC approved the establishment of the Financial Industry Regulatory Authority (FINRA). FINRA consolidated the former NASD and the member regulation, enforcement, and arbitration operations of NYSE Regulation. The Source Tool reflects the historical issuance of AML rules and guidance by the NASD and NYSE as well as new rules and guidance issued by FINRA.

Finally, you will find a list of telephone numbers and useful websites at the end of this guide. If you have questions concerning the meaning, application, or status of a particular law, rule, order, or guidance, you should consult with an attorney experienced in the areas covered by this guide.

This compilation was prepared by staff in the Office of Compliance Inspections and Examinations (OCIE), Securities and Exchange Commission. The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed in this document are those of the staff and do not necessarily represent the views of the Commission, or other Commission staff.

1. The Bank Secrecy Act

The Bank Secrecy Act (BSA), initially adopted in 1970, establishes the basic framework for AML obligations imposed on financial institutions. Among other things, it authorizes the Secretary of the Treasury (Treasury) to issue regulations requiring financial institutions (including broker-dealers) to keep records and file reports on financial transactions that may be useful in investigating and prosecuting money laundering and other financial crimes. The Financial Crimes Enforcement Network (FinCEN), a bureau within Treasury, has regulatory responsibilities for administering the BSA.

Rule 17a-8 under the Securities Exchange Act of 1934 (Exchange Act) requires broker-dealers to comply with the reporting, recordkeeping, and record retention rules adopted under the BSA.

31 C.F.R. Chapter X is comprised of a “General Provisions Part” and separate financial-institution-specific parts for those financial institutions subject to FinCEN regulations. The General Provisions Part (Part 1010) contains regulatory requirements that apply to more than one type of financial institution, and in some cases, individuals. The financial-institution-specific parts contain regulatory requirements specific to a particular type of financial institution. The financial-institution-specific part that pertains to broker-dealers is Part 1023 (31 C.F.R. §§ 1023.100 et seq.).

2. The USA PATRIOT Act

The USA PATRIOT Act was enacted by Congress in 2001 in response to the September 11, 2001 terrorist attacks. Among other things, the USA PATRIOT Act amended and strengthened the BSA. It imposed a number of AML obligations directly on broker-dealers, including:

AML compliance programs;

customer identification programs;

monitoring, detecting, and filing reports of suspicious activity;

due diligence on foreign correspondent accounts, including prohibitions on transactions with foreign shell banks;

due diligence on private banking accounts;

mandatory information-sharing (in response to requests by federal law enforcement); and

compliance with “special measures” imposed by the Secretary of the Treasury to address particular AML concerns.

Source Document:

USA PATRIOT Act: Title 3 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. No. 107-56, 115 Stat. 296 (2001). The full text of the USA PATRIOT Act is available at:

3. AML Programs

Section 352 of the USA PATRIOT ACT amended the BSA to require financial institutions, including broker-dealers, to establish AML programs. Broker-dealers can satisfy this requirement by implementing and maintaining an AML program that complies with SRO rule requirements. In September 2009, the SEC approved FINRA's new AML compliance rule, FINRA Rule 3310. FINRA's new rule adopts NASD Rule 3011 and most of NASD IM-3011-1 and deletes NYSE Rule 445 as duplicative. As with NASD Rule 3011 and NYSE Rule 445, FINRA Rule 3310 requires member organizations to establish risk-based AML compliance programs. Please note, however, that FINRA Rule 3310 does not contain the exception in NASD IM-3011-1 to the independent testing requirement. FINRA Rule 3310 became effective on January 1, 2010.

An AML program must be in writing and include, at a minimum:

policies, procedures, and internal controls reasonably designed to achieve compliance with the BSA and its implementing rules;

policies and procedures that can be reasonably expected to detect and cause the reporting of transactions under 31 U.S.C. 5318(g) and the implementing regulations thereunder;

the designation of an AML compliance officer (AML Officer), including notification to the SROs;

ongoing AML employee training; and

an independent test of the firm’s AML program, annually for most firms.

Please note that the NYSE and NASD rules noted below have now been incorporated into a new FINRA Rule 3310 (see above). The information below is provided for historical purposes, and may still contain useful guidance.

verifying the identity of each customer, to the extent reasonable and practicable, within a reasonable time before or after account opening;

making and maintaining a record of information obtained relating to identity verification;

determining within a reasonable time after account opening or earlier whether a customer appears on any list of known or suspected terrorist organizations designated by Treasury;2 and

providing each customer with adequate notice, prior to opening an account, that information is being requested to verify the customer’s identity.

The CIP rule provides that, under certain defined circumstances, broker-dealers may rely on the performance of another financial institution to fulfill some or all of the requirements of the broker-dealer's CIP. For example, in order for a broker-dealer to rely on the other financial institution the reliance must be reasonable. The other financial institution also must be subject to an AML compliance program rule and be regulated by a federal functional regulator. The broker-dealer and other financial institution must enter into a contract and the other financial institution must certify annually to the broker-dealer that it has implemented an AML program. The other financial institution must also certify to the broker-dealer that the financial institution will perform the specified requirements of the broker-dealer's CIP.

No-Action Letters to the Securities Industry Association (“SIA”) (February 12, 2004; February 10, 2005; July 11, 2006; January 10, 2008; January 11, 2010; and January 11, 2011). (The letters provide staff guidance regarding the extent to which a broker-dealer may rely on an investment adviser to conduct the required elements of the CIP rule, prior to such adviser being subject to an AML rule. Among other things, the 2011 letter provides additional details regarding the reasonableness of a broker-dealer’s reliance on an investment adviser and also includes a requirement that the investment adviser promptly report to the broker-dealer potentially suspicious or unusual activity detected as part of the CIP being performed on the broker-dealer’s behalf. )

Overview: Sections 312, 313, and 319 of the USA PATRIOT Act, which amended the BSA, are inter-related provisions involving accounts called “correspondent accounts.” These inter-related provisions include prohibitions on certain types of correspondent accounts (those maintained for foreign “shell” banks) as well as requirements for risk-based due diligence of foreign correspondent accounts more generally.

A “correspondent account” is defined as: “any formal relationship established for a foreign financial institution to provide regular services to effect transactions in securities.”

A “foreign financial institution” includes: (i) a foreign bank (including a foreign branch or office of a U.S. bank); (ii) a foreign branch or office of a securities broker-dealer, futures commission merchant, introducing broker in commodities, or mutual fund; (iii) a business organized under foreign law (other than a branch or office of such business in the U.S.) that if it were located in the U.S. would be a securities broker-dealer, futures commission merchant, introducing broker in commodities, or a mutual fund; and (iv) a money transmitter or currency exchange organized under foreign law (other than a branch or office of such entity in the U.S.).

In addition, Treasury has clarified that, for a broker-dealer, a “correspondent account” includes:

custody accounts for holding securities or other assets in connection with securities transactions as collateral; and

over-the-counter derivatives contracts.

Prohibitions on Foreign Shell Banks: A broker-dealer is prohibited from establishing, maintaining, administering, or managing “correspondent accounts” in the U.S. for, or on behalf of, foreign “shell” banks (i.e., foreign banks with no physical presence in any country). Broker-dealers also must take steps to ensure that they are not indirectly providing correspondent banking services to foreign shell banks through foreign banks with which they maintain correspondent relationships. In order to assist institutions in complying with the prohibitions on providing correspondent accounts to foreign shell banks, Treasury has provided a model certification that can be used to obtain information from foreign bank correspondents. In addition, broker-dealers must obtain records in the United States of foreign bank owners and agents for service of process (Sections 313 and 319 of the USA PATRIOT Act).

Due Diligence Regarding Foreign Correspondent Accounts: A broker-dealer is required to establish a risk-based due diligence program (that is part of its AML compliance program) for any “correspondent accounts” maintained for foreign financial institutions. The due diligence program, which is required to be a part of the broker-dealer’s overall AML program, must include appropriate, specific, risk-based policies, procedures, and controls reasonably designed to enable the broker-dealer to detect and report, on an ongoing basis, any known or suspected money laundering conducted through or involving any foreign correspondent account (Section 312 of the PATRIOT Act).

Treasury has finalized a related rule that states when enhanced due diligence on foreign financial institutions is required.

6. Due Diligence Programs for Private Banking Accounts

Section 312 of the USA PATRIOT Act amended the BSA to, among other things, impose special due diligence requirements on financial institutions, including broker-dealers, that establish, maintain, administer or manage a private banking account or a “coorespondent account” in the United States for a “non-United States person.” Treasury’s regulations provide that a “covered financial institution” is required to maintain a due diligence program that includes policies, procedures, and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity conducted through or involving a “private banking account” that is established, maintained, administered or managed in the U.S. by the financial institution. In addition, the regulations set forth certain minimum requirements for the required due diligence program with respect to private banking accounts and require enhanced scrutiny to any such accounts where the nominal or beneficial owner is a “senior foreign political figure.”

The regulations define a “private banking account” as an account that: (a) requires a minimum deposit of assets of at least $1,000,000; (b) is established or maintained on behalf of one or more non-U.S. persons who are direct or beneficial owners of the account; and (c) has an employee assigned to the account who is a liaison between the broker-dealer and the non-U.S. person.

The definition of “senior foreign political figure” extends to any member of the political figure’s immediate family, and any person widely and publicly known to be a close associate of the foreign political figure as well as any entities formed for the benefit of such persons (such persons are commonly referred to as PEPs, or Politically Exposed Persons).

determine the identity of all nominal and beneficial owners of the private banking accounts;

determine whether any such owner is a “senior foreign political figure” and therefore subject to enhanced scrutiny that is reasonably designed to detect transactions that may involve the proceeds of foreign corruption;

determine the source of funds deposited into the private banking account and the purpose and use of such account;

review the activity of the account as needed to guard against money laundering; and

report any suspicious activity, including transactions involving senior foreign political figures that may involve proceeds of foreign corruption.

7. Suspicious Activity Monitoring and Reporting

Under Treasury's SAR rule, a broker-dealer is required to file a suspicious activity report if: (i) a transaction is conducted or attempted to be conducted by, at, or through a broker-dealer; (ii) the transaction involves or aggregates funds or other assets of at least $5000; and (iii) the broker-dealer knows, suspects, or has reason to suspect that the transaction: (a) involves funds or is intended to disguise funds derived from illegal activity, (b) is designed to evade requirements of the BSA, (c) has no business or apparent lawful purpose, and the broker-dealer knows of no reasonable explanation for the transaction after examining the available facts, or (d) involves the use of the broker-dealer to facilitate criminal activity.

Broker-dealers must report the suspicious activity using a form Treasury has issued for the securities and futures industry, the SAR-SF (also referred to as FinCEN Form 101). The form, which is confidential, includes instructions.

Broker-dealers must maintain a copy of any SAR-SF filed and supporting documentation for a period of five years from the date of filing the SAR-SF.

In situations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, broker-dealers should immediately notify law enforcement in addition to filing a SAR-SF. In addition, if a firm wishes to report suspicious transactions that may relate to terrorist activity, in addition to filing a SAR-SF, the firm may call FinCEN's Hotline at 1-866-556-3974. 5

8. Other BSA Reports

Broker-dealers have other reporting obligations imposed by the BSA. They include:

Currency Transaction Reports (CTRs): Broker-dealers are required to file with FinCEN a CTR for any transaction over $10,000 in currency, including multiple transactions occurring during the course of the same day. A broker-dealer must treat multiple transactions as a single transaction if the broker-dealer has knowledge that the transactions are conducted by or on behalf of the same person and result in either cash in or cash out totaling more than $10,000 during any one business day. A CTR filing is made using a Currency Transaction Report, FinCEN Form 104 (formerly IRS Form 4789).

Reports of Foreign Bank and Financial Accounts (FBARs): Broker-dealers are required to file reports of foreign bank and financial accounts if the aggregate value of the accounts exceeds $10,000. FBARs are filed with Treasury using Form TD F 90-22.1.

Reports of Currency or Monetary Instruments (CMIRs): Broker-dealers must report any transportation of more than $10,000 in currency or monetary instruments into or outside of the U.S. on a Report of International Transportation of Currency or Monetary Instruments, FinCEN Form 105 (formerly Customs Form 4790). CMIRs are filed with the Commissioner of Customs.

9. Records of Funds Transfers

Under the “joint rule” and “travel rule,” broker-dealers must keep records of funds transfers of $3000 or more (such as wire transfers), including certain related information (such as name, address, account number of client, date and amount of wire, payment instructions, name of recipient institution, and name and account information of wire payment recipient). The “travel rule” also requires that certain information obtained or retained by the transmittor's financial institution “travel” with the transmittal order through the payment chain.

10. Information Sharing with Law Enforcement and Financial Institutions

Two provisions relating to information sharing were added to the BSA by the USA PATRIOT Act. One provision requires broker-dealers to respond to mandatory requests for information made by FinCEN on behalf of federal law enforcement agencies. The other provides a safe harbor to permit and facilitate voluntary information sharing among financial institutions.

Mandatory Information Sharing: Section 314(a) Requests: FinCEN’s BSA information sharing rules, under Section 314(a), authorize law enforcement agencies with criminal investigative authority to request that FinCEN solicit, on the agency’s behalf, certain information from a financial institution, including a broker-dealer. These requests are often referred to as “Section 314(a) information requests.” Upon receiving a Section 314(a) request, a broker-dealer is required to search its records to determine whether it has accounts for, or has engaged in transactions with, any specified individual, entity, or organization. If the broker-dealer identifies an account or transaction identified with any individual, entity or organization named in the request, it must report certain relevant information to FinCEN. Broker-dealers also must designate a contact person (typically the firm’s AML compliance officer) to receive the requests and must maintain the confidentiality of any request and any responsive reports to FinCEN.

Voluntary Information Sharing Among Financial Institutions: Section 314(b): A separate safe harbor provision encourages and facilitates voluntary information sharing among participating financial institutions. The safe harbor provision, added to the BSA by Section 314(b) of the USA PATRIOT Act, protects financial institutions, including broker-dealers, from certain liabilities in connection with sharing certain AML related information with other financial institutions for the purposes of identifying and reporting activities that may involve terrorist acts or money laundering activities. Treasury's implementing regulations require that a financial institution or association of financial institutions that intends to share information pursuant to the regulations must file an annual notice with FinCEN, maintain procedures to protect the security and confidentiality of the information, and take reasonable steps to verify that the financial institution or association of financial institutions with which it intends to share the information has filed the required notice with FinCEN. This may be done by checking a list that FinCEN makes available. A notification form and instructions for submitting a notification form (initial or renewal) are available on FinCEN's website.

11. Special Measures Imposed by the Secretary of the Treasury

Section 311 of the USA PATRIOT Act amended the BSA to authorize the Secretary of the Treasury to require broker-dealers to take “special measures” to address particular money laundering concerns. The Secretary of the Treasury may impose special measures on foreign jurisdictions, financial institutions, or transactions or types of accounts found to be of “primary money laundering concern.” There are five “special measures,” including prohibiting U.S. financial institutions from opening or maintaining certain correspondent accounts. In addition, FinCEN issued a rule proposal on November 28, 2011, which, if adopted, will impose special measures against the Islamic Republic of Iran.11

12. OFAC Sanctions Programs and Other Lists

OFAC is an office within Treasury that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries, terrorism sponsoring organizations, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction. OFAC acts under Presidential wartime and national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze foreign assets under U.S. jurisdiction.

OFAC’s sanctions programs are separate and distinct from, and in addition to, the AML requirements imposed on broker-dealers under the BSA.

As a tool in administering sanctions, OFAC publishes lists of sanctioned countries and persons that are continually being updated. Its list of Specially Designated Nationals and Blocked Persons (SDNs) lists individuals and entities from all over the world whose property is subject to blocking and with whom U.S. persons cannot conduct business. OFAC also administers country-based sanctions that are broader in scope than the “list-based” programs.

In general, OFAC regulations require broker-dealers to:

block accounts and other property or property interests of entities and individuals that appear on the SDN list;

block accounts and other property or property interests of entities and individuals subject to blocking under OFAC country-based programs; and

Broker-dealers must report all blockings and rejections of prohibited transactions to OFAC within 10 days of being identified and annually. OFAC has the authority to impose substantial civil penalties administratively. To guard against engaging in OFAC prohibited transactions, one best practice that has emerged entails “screening against the OFAC list.” OFAC has stated that it will take into account the adequacy of a firm’s OFAC compliance program when it evaluates whether to impose a penalty if an OFAC violation has occurred. Firms should be aware of other lists, such as the Financial Action Task Force (“FATF”) list of non-compliant countries (the “NCCT list”). If transactions originate from or are routed to any FATF-identified countries, it might be an indication of suspicious activity.12

Source Documents:

OFAC Guidance:

Program information, including the SDN list and countries subject to OFAC sanctions, is available on the OFAC website at:

FINRA
Please contact your local FINRA Coordinator directly with any questions relating to AML requirements. If you have not received notification of your assigned Coordinator, contact your FINRA District Office for more details. Contact information is available at the following link: www.finra.org/contactus/districts

1Note that, since NTM 02-21 was issued, there have been a number of changes to AML requirements. For example, the NASD revised its AML program rule. See NASD NTM 06-07. FinCEN also adopted a number of AML requirements, including the requirement to file suspicious activity reports. See 67 Fed.Reg. 44048 (July 1, 2002).

2As of the date of this guide, there are no designated government lists to verify specifically for CIP purposes. Customer comparisons to lists issued by OFAC involve separate and distinct requirements.

3FinCEN and the federal banking agencies have issued guidance applicable to banks regarding the CIP rule that may be of interest to securities firms. SeeInteragency FAQs:Final CIP Rule (January 2004) and Interagency Interpretive Guidance on Customer Identification Program Requirements under Section 326 of the USA PATRIOT Act (April 28, 2005).

4This examination manual, issued by the federal banking regulators regarding the AML requirements applicable to banks, contains guidance that may be of interest to securities firms.

5 Broker-dealers may also, but are not required to, contact the SEC to report situations that may require immediate attention by the SEC. The SEC SAR Alert Message Line number [202-551-SARS (7277)] should only be used in cases where a broker-dealer has filed a SAR that may require immediate attention by the SEC and wants to alert the SEC about the filing. Calling the SEC SAR Alert Message Line does not alleviate the broker-dealer's obligation to file a SAR or notify an appropriate law enforcement authority.

7 SAR Activity Reviews include two separate publications: SAR Activity Review Trends, Tips & Issues and SAR Activity Review By the Numbers. They are published on a regular basis under the auspices of the Bank Secrecy Act Advisory Group. These publications include: statistics regarding SAR filings and trends; an industry forum highlighting compliance issues and practices prepared by private sector members of the Advisory Group; and guidance regarding practical issues relevant to SAR filing and reporting. Guidance contained in these publications may be of interest and useful to securities firms. For example, see the following discussions contained in issues of The SAR Activity Review — Trends, Tips, and Issues: (i) "National Security Letters and Suspicious Activity Reporting," Issue 8 (April 2005); (ii) "Providing SARs to Appropriate Law Enforcement," Issue 9 ( October 2005); (iii) "Should a Financial Institution Document its Decision Not to File a Suspicious Activity Report" Issue 10 (May 2006); and (iv) "When Does the 30 Day Time Period in which to File a Suspicious Activity Report Begin?" Issue 10 (May 2006). In addition, the May 2009 publication of the SAR Activity Review Trends, Tips & Issues focuses on the securities industry.

8 Note that, since NTM 02-21 was issued, there have been a number of changes to AML requirements. For example, the NASD revised its AML program rule. See NASD NTM 06-07). FinCEN also has adopted a number of AML requirements, including the requirement to file SARs. See 67 Fed. Reg. 44048 (July 1, 2002).

9 FinCEN staff have indicated that the responses to Questions 17 and 18 in this Advisory are no longer completely accurate due to the expiration on July 1, 2004, of an exception relating to coded names and pseudonyms, at which time FinCEN confirmed the prohibition of the use of coded names and pseudonyms, but determined that the Travel Rule should be read to allow the use of mailing addresses. See 68 Fed. Reg. 66708 (November 28, 2003).

10 FinCEN staff have indicated that the responses to Questions 2 and 16 in this Advisory are no longer completely accurate due to the expiration on July 1, 2004 of an exception relating to coded names and pseudonyms, at which time FinCEN confirmed the prohibition of the use of coded names and pseudonyms, but determined that the Travel Rule should be read to allow the use of mailing addresses. See 68 Fed. Reg. 66708 (November 28, 2003).